Managing Cyber-Attacks

CIOs and CSOs start the management process before the cyber-attack occurs

Cyber-attacks are now an everyday event and it is only a matter of time before your company faces one if it has not already. Cyber criminals are ubiquitous and attacks will continue despite our resolute attempts to stop them - even organizations with the best defenses in place are not immune. CIOs and CSOs need to accept these risks as fact and be prepared to respond quickly and effectively.
Managing cyber breaches starts before the breach occurs

Be Prepared

Perform a security data audit: know where sensitive data resides and come up with a data protection strategy. These measures can save hours of critical time that would have to be done in the heat of the moment after a cyber-attack. The audit should include personally identifying information (PII) such as credit-card data, any intellectual property, classified materials and any data under regulatory or compliance control.

Document results and keep them up to date: to make sure that the company is always ready, know sensitive data locations, keep systems patched and up-to-date, conduct ongoing vulnerability testing, and continually test and refine the process with regular 'fire drills'.

Monitor and Report Breach Quickly

Conduct endpoint security analytics: leveraging data from all servers and end-user devices, endpoint security analytics can give complete visibility of endpoint activities across the network, in order to detect anomalous behavior, risks areas, and security threats before damage can spread.

Automate the security processes: Integrating network-enabled cyber forensics tools with systems to quickly reveal and validate suspect or mutating software on any endpoint on the network. The security tool should be able to work quickly across platforms, as speed is essential to finding and collecting actionable volatile data.

Understand the exposure quickly once a breach occurs

Determine the extent of exposure: Once a problem has been identified, the next step would be to scope the threat to understand the extent of the breach and its long term exposure issues. The biggest threats should be dealt with first, followed by determining whether any PII /or intellectual property have been compromised.

Contain the exposure and understand what it is doing

Block the breach: As soon as possible block the breach even if it mean turning off the applications to prevent further damage

Understand the capability of the malware or attack: Typically a forensics team that can handle malware with reverse-engineering capabilities will be brought in, as the main goal is to determine how to eradicate malware off the network.

Collect data for post event analysis: The company should collect relevant data with network-enabled tools, collect and preserve volatile data as potential evidence, capture the crucial malware and artefacts, determine whether it is polymorphic or metamorphic, discover hash values and registry values and recommend remediation steps.

Implement a solution to eliminate the breach and prevent future occurrences

Implement long term solution: Once the malware has been identified, as well as which and how much sensitive data has been breached, it is time to remediate. The incident response team can begin remediating systems by deleting all malicious or unauthorized code. At this time, they should also conduct a post-attack sensitive-data audit of the affected machines to ensure data resides only where it safely belongs in your network.

Adjust monitoring protocols: Continuous monitoring of the network's activities will be instrumental in determining whether or not the remediation steps taken were sufficient to successfully return systems to their original, optimal state.

Post event reporting and communication

Post Mortem Analysis: The post-mortem report will be vital to all concerned with business reputation, viability, and operations and should be as clear and non-technical as possible. It could include a list of lessons learned from the incident, including what the organization intended or planned to do, what went wrong, and what can be improved upon.

288 Job Descriptions from the Internet and IT Job Descriptions HandiGuide in MS Word Format including all of the job descriptions in the Premium Edition. Each job description is at least 2 pages long and some of the more senior positions are up to 8 pages in length.